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WHAT IS CLAIMED IS : 

1 . A computer-based method, comprising: 

monitoring substantially in parallel a plurality of subsystems of the 
operating system during runtime for an event caused from a request made by a 
Downloadable; 

interrupting processing of the request; 

comparing information pertaining to the Downloadable against a 
predetermined security policy; and 

performing a predetermined responsive action based on the comparison. 

2. The method of claim 1 , wherein monitoring the operating system includes 
monitoring a request sent to a Downloadable engine. 

3. The method of claim 2, 

wherein the Downloadable engine includes a Java™ virtual machine 
having Java ™ classes; and 

wherein monitoring the operating system includes monitoring each Java™ 
class for receipt of the request. 

4. The method of claim 2, 

wherein the Downloadable engine includes an AppletX™ platform having 
a message engine, a dynamic-data-exchange and a dynamically-linked library; 
and 

wherein monitoring the operating system includes monitoring the message 
engine, the dynamic-data-exchange and the dynamically-linked library for receipt 
of the request. 

5. The method of claim 1 , further comprising determining whether 
information pertaining to the Downloadable violates a security mle. 
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6. The method of claim 5, further comprising determining whether violation of 
the security rule violates the security policy. 

7. The method of claim 1 , further comprising: 

comparing information pertaining to the Downloadable with information 
pertaining to a predetermined suspicious Downloadable; and 

performing a predetermined responsive action based on the comparison 
with the information pertaining to the predetermined suspicious Downloadable. 

8. The method of claim 1 , wherein the predetermined responsive action 
includes storing results of the comparison in an event log. 

9. The method of claim 1 , wherein the predetermined responsive action 
includes informing the user when the security policy has been violated. 

10. The method of claim 1 , wherein the predetermined responsive action 
includes storing information on the Downloadable in a suspicious Downloadable 
database. 

1 1 . The method of claim 1 , wherein the predetermined responsive action 
includes discarding the Downloadable. 

12. A system, comprising: 
a security policy; 

a plurality of operating system interfaces operating substantially in parallel, 
each interface for recognizing a runtime event in a subsystem of the operating 
system caused from a request made by a Downloadable; 

a first comparator coupled to the interfaces for comparing information 
pertaining to the received Downloadable with the security policy; and 
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a response engine coupled to the first connparator for performing a 
predeternnined responsive action based on the connparison with the security 
policy. 

5 13. The system of claim 1 2, wherein the interfaces include a Java ™ class 
extension for monitoring a Java™ class in a Java™ virtual machine for receipt of 
a request. 

14. The system of claim 12, wherein the interfaces include an AppletX™ 
10 extension for monitoring a message engine, a dynamic-data-exchange and a 

dynamically-linked library in an AppletX™ environment for receipt of a request. 

1 5. The system of claim 1 2, further comprising 
a security rule; and 

15 a second comparator, coupled to the interfaces and to the response 

engine, for determining whether information pertaining to the Downloadable 
violates the security rule. 

16. The system of claim 1 5, wherein the first comparator determines whether 
20 violation of the security rule violates the security policy. 

1 7. The system of claim 1 2, further comprising 

a predetermined suspicious Downloadable; and 

a second comparator coupled to the interfaces for comparing information 
25 pertaining to the Downloadable with information pertaining to the predetermined 
suspicious Downloadable; 

wherein the response engine is further coupled to the second comparator 
and performs the responsive action based on the comparison with the 
information pertaining to the predetermined suspicious Downloadable. 

30 
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18. The system of claim 12, further comprising an event log coupled to the 
first comparator for storing results of the comparison. 

19. The system of claim 1 2, further comprising a user interface coupled to the 
5 first comparator. 

20. The system of claim 1 2, further comprising a suspicious Downloadable 
database for storing information on known and previously-deemed suspicious 

, Downloadables. 

10 

21 . The system of claim 1 2, wherein the predetermined suspicious action 
includes discarding the Downloadable. 

22. A system for determining whether a Downloadable, which is received by a 
15 Downloadable engine, is suspicious, comprising: 

means for monitoring substantially in parallel a plurality of subsystems of 
the operating system during runtime for an event caused from a request made by 
a Downloadable; 

means for interrupting processing of the request; 
20 means for comparing information pertaining to the Downloadable against 

a predetermined security policy; and 

means for performing a predetermined responsive action based on the 
comparison. 

25 23. The system of claim 22, wherein the means for monitoring the operating 
system includes means for monitoring a request sent to a Downloadable engine. 

24. The system of claim 23, 

wherein the Downloadable engine includes a Java™ virtual machine 
30 having Java ™ classes; and 
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wherein the means for monitoring the operating system includes means 
for monitoring each Java™ class for receipt of the request. 

25. The system of claim 23, 

5 wherein the Downloadable engine includes an AppletX™ platform having 

a message engine, a dynamic-data-exchange and a dynamically-linked library; 
and 

wherein the means for monitoring the operating system includes means 
for monitoring the message engine, the dynamic-data-exchange and the 
1 0 dynamically-linked library for receipt of the request. 

26. The system of claim 22, further comprising means for determining whether 
information pertaining to the Downloadable violates a security rule. 

1 5 27. The system of claim 26, further comprising means for determining whether 
violation of the security rule violates the security policy. 

28. The method of claim 22, further comprising : 

means for comparing information pertaining to the Downloadable with 
20 information pertaining to a predetermined suspicious Downloadable; and 

means for performing a predetermined responsive action based on the 
comparison with the information pertaining to the predetermined suspicious 
Downloadable. 

25 29. The system of claim 22, wherein the predetermined responsive action 
includes storing results of the comparison in an event log. 

30. The system of claim 22, wherein the predetermined responsive action 
includes informing the user when the security policy has been violated. 

30 
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31 . The system of claim 22, wherein the predetermined responsive action 
includes storing information on the Downloadable in a suspicious Downloadable 
database. 

5 32. The system of claim 22, wherein the predetermined responsive action 
includes discarding the Downloadable. 

33. A computer-readable storage medium storing program code for causing a 
computer to perform the steps of: 

1 0 monitoring substantially in parallel a plurality of subsystems of the 

operating system during runtime for an event caused from a request made by a 
Downloadable; 

interrupting processing of the request; 

comparing information pertaining to the Downloadable against a 
15 predetermined security policy; and 

performing a predetermined responsive action based on the comparison. 

34. The medium of claim 33, wherein monitoring the operating system 
includes monitoring a request sent to a Downloadable engine. 



35. The medium of claim 33, 

wherein the Downloadable engine includes a Java™ virtual machine 
having Java™ classes; and 

wherein monitoring the operating system includes monitoring each Java''"'^ 
25 class for receipt of the request. 

36. The medium of claim 35, 

wherein the Downloadable engine includes an AppletX™ platform having 
a message engine, a dynamic-data-exchange and a dynamically-linked library; 
30 and 
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wherein monitoring the operating system includes monitoring the message 
engine, the dynamic-data-exchange and the dynamically-linl^ed library for receipt 
of the request. 

5 37. The medium of claim 33, further comprising determining whether 
information pertaining to the Downloadable violates a security rule. 

38. The medium of claim 37, further comprising determining whether violation 
of the security rule violates the security policy. 

10 

39. The medium of claim 33, further comprising: 

comparing information pertaining to the Downloadable with information 
pertaining to a predetermined suspicious Downloadable; and 

performing a predetermined responsive action based on the comparison 
1 5 with the information pertaining to the predetermined suspicious Downloadable. 

40. The medium of claim 33, wherein the predetermined responsive action 
includes storing results of the comparison in an event log. 

20 41 . The medium of claim 33, wherein the predetermined responsive action 
includes informing the user when the security policy has been violated. 

42. The medium of claim 33, wherein the predetermined responsive action 
includes storing information on the Downloadable in a suspicious Downloadable 

25 database. 

43. The medium of claim 33, wherein the predetermined responsive action 
includes discarding the Downloadable. 

30 44. The system of claim 1, wherein each subsystem includes one of a file 
system, network system, process system or memory system. 
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45. The system of claim 1 2, wherein each subsystem includes one of a file 
system, network system, process system or memory system. 

5 46. The system of claim 22, wherein each subsystem includes one of a file 
system, network system, process system or memory system. 

47. The system of claim 33, wherein each subsystem includes one of a file 
system, network system, process system or memory system. 
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